Grub has for some years been the GNU/Linux bootloader, and it has surpassed, in performance and configuration possibilities, the revered LILO, the first one that users of the great free operating system met. But of course, more possibilities for us also mean more possibilities for anyone with physical access to the computer, so it is not a bad idea to think about improving security, and that is what we are going to show in this post.
The idea is to be able to add a password to the Grub menu, so that no one except those who know it can access certain parts of the bootloader, such as booting into recovery mode and other menu options, leaving only the possibility of starting the computer in normal mode available (so that other users can boot and use it, but without 'touching' anything in Grub).
Let's see first how to put a password on the Grub menu, which will completely eliminate the possibility of editing the parameters that are passed to it and thus modifying its behaviour. For this we must open a terminal window (Ctrl + Alt + T) and execute:
grub-md5-crypt
We press "Enter" and we will be asked for a password. We choose one and confirm it, and after that the command outputs a string like ‘$1$f/Nfq$1YrrUM0adYBh/xHCj2UEB1’. What we have to do next is open the file /boot/grub/menu.lst for editing:
sudo nano /boot/grub/menu.lst
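We add, just before the list of boot entries, the 'password' command followed by the option --md5 and the string that the previous command gave us. Without --md5, Grub treats whatever follows 'password' as a plain-text password rather than as a hash. So we have something like this:
password --md5 $1$f/Nfq$1YrrUM0adYBh/xHCj2UEB1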
We save the file, and it will no longer be possible to edit the Grub parameters unless we press the letter «P» and then enter the password that we chose in the previous steps.
If instead of blocking the input of parameters we want to protect a specific entry in the Grub menu, we copy the line mentioned above and paste it between that entry's 'title' and 'root' lines.
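A way to check the result of the steps above, as an added example that is not part of the original post: this shell function reads a menu.lst and reports whether a password line sits before the first 'title', which entries carry their own password line, and whether any password was written without --md5 (and is therefore stored in plain text). The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample menu.lst, reusing the example hash string shown in the post.
sample_menu_lst() {
cat <<'EOF'
# directives placed before the first "title" apply to the whole menu
timeout 5
password --md5 $1$f/Nfq$1YrrUM0adYBh/xHCj2UEB1

title Ubuntu, normal mode
root (hd0,0)
kernel /boot/vmlinuz root=/dev/sda1 ro quiet

title Ubuntu, recovery mode
password --md5 $1$f/Nfq$1YrrUM0adYBh/xHCj2UEB1
root (hd0,0)
kernel /boot/vmlinuz root=/dev/sda1 ro single

title Memtest
password letmein
kernel /boot/memtest86+.bin
EOF
}

# audit_menu_lst [FILE]: one report line per entry plus a line for the
# menu-wide password; reads standard input when FILE is omitted.
audit_menu_lst() {
    awk '
    function emit() {                        # report the entry that just ended
        if (entry != "") printf "entry \"%s\": %s\n", entry, state
    }
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    $1 == "title" {
        emit()
        entry = $0; sub(/^[ \t]*title[ \t]+/, "", entry)
        state = "boots without password"
        next
    }
    $1 == "password" {
        kind = ($2 == "--md5") ? "md5 hash" : "PLAINTEXT"
        if (entry == "") global = kind       # before the first title
        else state = "password required (" kind ")"
    }
    END {
        emit()
        print "global password: " (global == "" ? "MISSING" : global)
    }' "$@"
}

sample_menu_lst | audit_menu_lst
```

On a real system the function would be pointed at the file itself, for example audit_menu_lst /boot/grub/menu.lst, run with enough privileges to read it.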
Great, this comes from "pearls." Thanks, I always read them, but I don't comment. With exceptions.
It seems that it was yesterday when 28 presses of the backspace key allowed this protection to be skipped ...
Good morning Community, I am a bit new to this GNU/Linux issue. Yesterday I installed Elementary OS from a USB on my machine and everything worked normally. When I restarted the machine I got this message and it did not let me start the system. I was rambling on the web, but I did not find anything concrete on how to fix it or start the system. If someone could help me with this issue I would appreciate it. Greetings, Pura vida!